Date: Sat, 7 Nov 2015 14:25:11 +0000 (UTC)
From: "Oleg Kalnichevski (JIRA)"
To: dev@hc.apache.org
Subject: [jira] [Commented] (HTTPCLIENT-1692) Apache HttpClient overrides the protocols supplied by JVM and instead defaults it to TLSv1.0

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14995228#comment-14995228 ]

Oleg Kalnichevski commented on HTTPCLIENT-1692:
-----------------------------------------------

Sorry for being blunt, Mohammed, but you do not seriously expect us to debug some vendor library, do you? Please reproduce the issue using HttpClient code only or ask the vendor of that library to do so.

Oleg

> Apache HttpClient overrides the protocols supplied by JVM and instead defaults it to TLSv1.0
> --------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1692
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1692
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5
>         Environment: Windows and Linux
>            Reporter: Mohammed Aijaz Yousuf
>         Attachments: .litle_SDK_config.properties, AuthExample.java, ResponseWith_TLS1.2_SSLContext, Response_Normal.xml, litle-sdk-for-java-9.3.1.jar, litle-sdk-for-java-9.3.1.zip
>
>
> Issue : We have an SDK provided by our Payment gateway and we use this SDK to invoke the Payment webservices. This SDK uses Apache HttpClient /Post methods to make webservice calls and Payment gateway requires the communication to go through TLS1.2 handshake. We invoke these payment services using 2 ways :
> 1. Using IBM Websphere Application server.
> 2. Using IBM Agent Server (Batch job which runs on a JVM process and uses Queue to process and listen to messages)
> a. For IBM websphere, we were able to make the TLS1.2 protocol work by changing the "Quality Of Protection" SSL settings but we cannot make it work on IBM Agent server.
> b. We tried passing the protocols explicitly by giving "https.protocols=TLSv1.2" as system arguments when starting the server but it seems the Apache HttpClient is overriding the protocol and setting it to JVM default protocol which is TLSv1.0. Due to this default protocol, all our communications with Payment gateway are failing. We are using apache-httpcomponents-httpclient.jar.
> c. We tried using the httpClient4.5.x but even then the same behavior is seen. Another issue we faced when we use higher versions of httpclient was whenever we try deploying the Httpclient 4.5.x.jar on websphere, Websphere is throwing Class conflict error as IBM websphere has a com.ibm.ws.prereq.jaxrs.jar plugin which internally supports only apache 4.1.x. We tried changing the websphere class loader policy to read the Parent class last but it starts affecting other functionalities.
> d. We would basically need to know how we can enforce the httpclient to accept the JVM protocols set in system property "https.protocols=TLSv1.2" instead of overriding the protocol to TLSv1.0.
> e. We are using IBM JDK 1.6 SR5 and IBM Websphere 8.5.5
> Secondly we are not using JSSE socketfactory but are using Websphere SSL socket factory with com.ibm.ws.security.crypto.jar:
> # WebSphere socket factories (in cryptosf.jar)
> ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory
> ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory
> f. It's an open source SDK provided by Vantiv and it can be used by anyone at https://github.com/LitleCo/litle-sdk-for-java
> Below is the URL:
> https://www.testlitle.com/sandbox/communicator/online

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
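
Added example, not part of the original message and not code from the HttpClient project or the SDK: with the HttpClient 4.5 API, the code that builds the client can either opt in to the https.protocols system property or pin the enabled protocols on the socket factory, and it can check whether the JVM's default JSSE provider offers TLSv1.2 at all. The class name Tls12ClientExample and its method names are assumptions for illustration, and the approach applies only where the caller constructs the client itself.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

// Hypothetical class for illustration; requires httpclient 4.5.x and httpcore 4.4.x.
public class Tls12ClientExample {

    // Client that honours -Dhttps.protocols / -Dhttps.cipherSuites.
    // A builder that never calls useSystemProperties() does not read them.
    static CloseableHttpClient systemPropertyClient() {
        return HttpClients.custom().useSystemProperties().build();
    }

    // Client pinned to TLSv1.2 regardless of system properties.
    static CloseableHttpClient pinnedClient() {
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                SSLContexts.createDefault(),      // default JSSE trust material
                new String[] { "TLSv1.2" },       // protocols enabled on each socket
                null,                             // null keeps the JVM's cipher suites
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        return HttpClients.custom().setSSLSocketFactory(sslsf).build();
    }

    // True if the default SSLContext of this JVM can offer the protocol.
    // If this is false, no client-side setting can enable it.
    static boolean jvmSupports(String protocol) throws Exception {
        String[] supported =
                SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        return Arrays.asList(supported).contains(protocol);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("https.protocols      = " + System.getProperty("https.protocols"));
        System.out.println("JVM offers TLSv1.2   = " + jvmSupports("TLSv1.2"));

        CloseableHttpClient fromProperties = systemPropertyClient();
        CloseableHttpClient pinned = pinnedClient();
        try {
            System.out.println("Both clients built; use either for requests.");
        } finally {
            fromProperties.close();
            pinned.close();
        }
    }
}
```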